
14 Commits

Author SHA1 Message Date
f455483d66 brought back use of 'local_facts' variable to make use of local, control node user running plays for path completion 2026-06-10 14:08:01 -04:00
9942fd94f8 created new package tasks for handler-based inclusions, otehrwise got username and home directory of SSH login for path purposes 2026-06-10 14:06:12 -04:00
9d33b45dbc added files or templates to be copied or used for configuration of vim/nvim editors on remote host 2026-06-10 14:04:12 -04:00
0cee2cbb79 changed an SSHD configuration file for remote host so its SSH server also allows agent forwarding from client 2026-06-10 14:02:40 -04:00
50c7b6a56d made use of username of user logged in and running 'sudo' for particular tasks, added true 'become' attrbute to some tasks 2026-06-10 14:01:49 -04:00
fc565fa3ce created new playbook for nonroot user login, moved package installation stage/order prior to user/group management 2026-06-10 13:57:11 -04:00
c31acb2dcc changed passwords, added packages, moved some packages to different package groups for different instasllation approach by plays or role tasks 2026-06-10 13:54:23 -04:00
55a5e956d4 removed core_pkgs variable as no longer needed 2026-06-10 13:53:36 -04:00
a16351985f changed passwords, added packages, moved some packages to different package groups for different instasllation approach by plays or role tasks 2026-06-10 13:52:29 -04:00
ac1eb31926 added agent forwarding capabilities to Ansible SSH connection client to enable private key use 2026-06-10 13:49:49 -04:00
19929405ba excluded non-example, fully configured playbook from version control 2026-06-10 13:48:17 -04:00
f54545b1dd renamed bash script file to reflect its function--automation of playbook runs 2026-06-10 13:47:20 -04:00
4074eacb1f refactor: split up package installation tasks in accord with splittng of post-installation handlers, for use by separate playbooks 2026-06-10 13:46:18 -04:00
af9fc3b4ca refactor: split up file into two distnct sets of handlers to be called separately by plays 2026-06-10 13:43:59 -04:00
33 changed files with 1426 additions and 235 deletions

1
.gitignore vendored

@@ -6,6 +6,7 @@
/hosts.json
*.bak
/init@homeserver.yml
/administrate@homeserver.yml
# Ansible runtime and backups
*.original


@@ -0,0 +1,29 @@
- name: Initialize homeserver
hosts: armitage
remote_user: senpai
tasks:
- name: Installing requisite packages
ansible.builtin.include_role:
name: init-server
tasks_from: userspace@install-pkgs
handlers_from: userspace
- name: Disable root user shell login
become: true
ansible.builtin.user:
name: root
shell: /sbin/nologin
tags:
- disable_root_shell
- name: Disable login for root user altogether
become: true
ansible.builtin.user:
name: root
password: "'*'"
tags:
- disable_root_login
- name: Configuring aliases for using git
community.general.git_config:
name: "alias.{{ item[0] }}"
scope: global
value: "{{ item[1] }}"
loop: []
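Review bot: In the `Disable login for root user altogether` task, `password: "'*'"` hands the user module the three-character string `'*'`, quotes included, so that is what lands in the shadow field rather than a bare `*`. It still cannot match any hash, but it is not the conventional locked marker and other tooling may not recognise it; `password: "*"` or `password_lock: true` states the intent directly. Neither setting affects key-based root login, which is governed by `PermitRootLogin` in the sshd configuration, so the task name promises more than the task delivers. The final `git_config` task loops over `[]` and never runs; a comment marking it as a placeholder would help.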


@@ -508,7 +508,7 @@ pipelining=False
# (int) For keys inserted into an agent defined by ``SSH_AGENT``, define a lifetime, in seconds, that the key may remain in the agent.
;ssh_agent_key_lifetime=
ssh_args='-o ControlMaster=auto -o ControlPersist=300s -o PreferredAuthentications=publickey'
ssh_args='-o ControlMaster=auto -o ControlPersist=300s -o PreferredAuthentications=publickey -o ForwardAgent=yes'
[colors]
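Review bot: Appending `-o ForwardAgent=yes` to the global `ssh_args` forwards the control node's agent to every host this configuration is used with, and anyone holding root on one of those hosts can use the forwarded socket for as long as the connection (kept open here by `ControlPersist=300s`) exists. Scope it to the host or group that actually needs the key, for example `ansible_ssh_common_args: '-o ForwardAgent=yes'` in that host's inventory vars, and leave the global line as it was. The sshd template later in this compare adds `AllowAgentForwarding yes`, which is already OpenSSH's default, so a `Match User` block restricting it to the admin account would be the meaningful server-side change. Loading keys with `ssh-add -c` makes each use of a forwarded key require local confirmation.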

5
bootstrap.sh Executable file

@@ -0,0 +1,5 @@
#!/bin/bash
set -euo pipefail
sudo ansible-playbook --ask-pass --ask-become-pass -i hosts.yml init@homeserver.yml
ansible-playbook --ask-become-pass -i hosts.test.yml administrate@homeserver.yml
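Review bot: The first command runs `ansible-playbook` under `sudo`, so the whole control-node process (inventory parsing, vault handling, lookups, `known_hosts`) runs as local root even though remote privilege is already handled by `--ask-become-pass`. Unless something on the control node needs root, drop `sudo`; with a default sudoers policy it also usually strips `SSH_AUTH_SOCK`, which would defeat the agent forwarding this compare enables. The two lines use different inventories (`hosts.yml` and `hosts.test.yml`); if that is intentional, a comment saying why would stop someone from "fixing" it.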


@@ -1,3 +0,0 @@
#!/bin/bash
ansible-playbook --ask-pass --ask-become-pass -i hosts.yml init@homeserver.yml --check


@@ -18,7 +18,7 @@ ssh_keys:
- ecdsa@sukaato.hikiki
# <list<dict>> list of administrative users (in Linux, users that can use "sudo")
admins:
- username: admin # <str> arbitrary valid user name
- username: senpai # <str> arbitrary valid user name
services: ~ # <list[<str>]> if linux system user, assocated servce
# <list[<str>]> list of control node or local SSH key basenames for this user
ssh_keys:
@@ -27,37 +27,70 @@ admins:
# <str<vault?>> hashed (and maybe salted) password
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31663265653031323833373663653132653532646638316465393364613961643130653330393062
6165386239303965386261363565353137636164356130370a336465353931373564393339363561
37353162333331663833656631663165356134633961323337663439663733316231666334336539
6537373334326634610a623037613462663733343230306538386561363838316638623365636533
32313931666439363435663161663665346266653763343265376366383837376436643163376430
39393861613037333766386138376335653334363737626664383236303234653461313230383564
33393834636165386562383435666233313664656233326364616237636230303264363732376639
64396564366335366430303031323865333635306536346463386334303235386438663061343934
37376466373566396130366330383834323332626166316661336339346462343466
# @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
# and edit 'roles/init-server/install-pks.yml' accordngly
34636132613365646330653431653236303563623464316638643439373761366564663264613738
3033343264373264333362616434333465323439653134340a643066663832353965313434386639
38366263646638353632656431366638393939623537326233306132306436363338373161643433
3439653833333164390a303430616561356464393030353433303738383730643330323031373432
62386231653339616436383837383966643539353036353034363132633539643332386131613537
31356230383561663735363530393562363237343166323635666665386165633130653864646238
39323735386161646531323335393639353630376136663063393930326434346435343937623336
33336132663238326662323536326638333139313535373166636363336366663962373936383536
62303536363939316563646630633064306364366331623665646533633065336236
# <dict[<str>:<dict>]> package groups
pkgs:
# <dict[<str>:<dict>]> representing package groups installed by package manager via repositories
mngr:
# <list[<dict>]> representing system-level or essential packages
core:
- name: neovim
- name: sudo
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: kitty-terminfo
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: whois
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: vim
uri: ~
sources: ~
sigkey: ~
types: ~
suites: ~
comps: ~
- name: flatpak
- name: vim-vimwiki
uri: ~
sources: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: vim-doc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
# - name: flatpak
# uri: ~
# sources: ~
# sigkey: ~
# types: ~
# suites: ~
# comps: ~
- name: snapd
uri: ~
sources: ~
@@ -72,6 +105,27 @@ pkgs:
types: ~
suites: ~
comps: ~
- name: git-delta
uri: ~
sources: ~
sigkey: ~
types: ~
suites: ~
comps: ~
- name: git-doc
uri: ~
sources: ~
sigkey: ~
types: ~
suites: ~
comps: ~
- name: git-man
uri: ~
sources: ~
sigkey: ~
types: ~
suites: ~
comps: ~
- name: fail2ban
uri: ~
sources: ~
@@ -93,13 +147,6 @@ pkgs:
types: deb
suites: "*"
comps: "*"
- name: vim-vimwiki
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: pandoc
uri: ~
sigkey: ~
@@ -121,29 +168,175 @@ pkgs:
types: ~
suites: ~
comps: ~
# # @TODO troubleshoot radicle installation issue or change installation method for radicle to script
# - name: radicle-keyring
# uri: "https://radicle.dev/apt/radicle-archive-keyring.deb"
# sigkey: ~
# sources: ~
# types: ~
# suites: ~
# comps: ~
# - name: radicle
# uri: ~
# sigkey: "https://radicle.dev/apt/radicle-archive-keyring.deb"
# sources: "https://radicle.dev/apt"
# types: deb
# suites: release
# comps: main
# - name: syncthing
# uri: ~
# sigkey: ~
# sources: ~
# types: ~
# suites: ~
# comps: ~
- name: curl
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: build-essential
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: fastfetch
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: gcc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: gcc-doc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: dpkg-dev
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: xz-utils
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: ufw
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: avahi-utils
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: libpam-google-authenticator
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: libpam-u2f
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: pamu2fcfg
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: pcscd
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: tftpd-hpa
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: apache2
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: apache2-doc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: gocryptfs
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: cryfs
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: tmux
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: squid
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: cpu-checker
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: asciidoc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: libpam-doc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
userspace:
- name: neovim
uri: ~
sources: ~
sigkey: ~
types: ~
suites: ~
comps: ~
- name: podman
uri: ~
sigkey: ~
@@ -228,6 +421,13 @@ pkgs:
types: ~
suites: ~
comps: ~
- name: erlang-doc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: erlang-hex
uri: ~
sigkey: ~
@@ -263,6 +463,13 @@ pkgs:
types: ~
suites: ~
comps: ~
- name: python3-doc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: golang
uri: ~
sigkey: ~
@@ -270,6 +477,13 @@ pkgs:
types: ~
suites: ~
comps: ~
- name: golang-doc
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: hugo
uri: ~
sigkey: ~
@@ -302,8 +516,8 @@ pkgs:
script:
# <list[<dict>]> representing user-level or supplemental shell script installations
userspace:
- name: nvm
src: "https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh"
- name: radicle
src: "https://radicle.dev/install"
pre: ~
post: ~
- name: rustup
@@ -323,18 +537,34 @@ pkgs:
# <list[<dict>]> representing user-level or supplemental source archives
userspace:
- name: surge
# @NOTE https://github.com/SurgeDM/Surge
src: "https://github.com/SurgeDM/Surge/releases/download/v0.8.6/Surge_0.8.6_linux_amd64.tar.gz"
deploy: ~
pre: ~
post: ~
- name: nvm
src: "https://nodejs.org/dist/v24.16.0/node-v24.16.0-linux-x64.tar.xz"
deploy: ~
pre: ~
post: ~
- name: difftastic
src: "https://github.com/Wilfred/difftastic/releases/download/0.69.0/difft-x86_64-unknown-linux-gnu.tar.gz"
deploy: ~
pre: ~
post: ~
# <dict[<str>:<dict>]> representing package groups installed from source git repositories
git_repos:
userspace:
# # @TODO use below to build Podman container instead, to deploy with podman-compose
# # @NOTE https://github.com/papis/papis and https://papis.readthedocs.io/en/latest/
# - name: papis
# src: "https://github.com/papis/papis.git"
# branch: main
# deploy: ~
# pre: ~
# post: ~
- name: quartz
src: "https://github.com/jackyzha0/quartz.git"
branch: main
branch: v5.0.0
deploy: ~
pre: ~
post: ~
core_pkgs: "{{ (pkgs.mngr.core | default([])) + (pkgs.script.core | default([])) + (pkgs.archive.core | default([])) + (pkgs.git_repos.core | default([])) + (pkgs.containers.core | default([])) + (pkgs.snaps.core | default([])) + (pkgs.flatpaks.core | default([])) }}"
post: ~
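Review bot: The `script.userspace` entry that appears to replace the nvm installer points at `https://radicle.dev/install`, which carries no version and no checksum, so each run executes whatever that URL serves at the time; the entry it replaces was at least pinned to a tag. The new `archive.userspace` entries (Surge, Node.js, difftastic) are version-pinned but likewise have no digest field. Adding a `checksum: "sha256:<digest>"` key to each entry and passing it to the download task would close that gap, assuming the role fetches with `ansible.builtin.get_url`, whose `checksum` parameter takes that form; the role's download tasks are not in this view. The same `radicle` and Node.js entries appear in the next variables file in this compare. Separately, the archive entry named `nvm` downloads a Node.js tarball, which makes the `nvm` handler topic misleading.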


@@ -101,5 +101,4 @@ pkgs:
# <list[<dict>]> representing system-level or essential flatpaks
core: []
# <list[<dict>]> representing user-level or supplemental flatpaks
userspace: []
core_pkgs: [] # @TODO document this
userspace: []


@@ -47,8 +47,6 @@ admins:
33393834636165386562383435666233313664656233326364616237636230303264363732376639
64396564366335366430303031323865333635306536346463386334303235386438663061343934
37376466373566396130366330383834323332626166316661336339346462343466
# @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
# and edit 'roles/init-server/install-pks.yml' accordngly
# <dict[<str>:<dict>]> package groups
pkgs:
# <dict[<str>:<dict>]> representing package groups installed by package manager via repositories
@@ -132,28 +130,49 @@ pkgs:
types: ~
suites: ~
comps: ~
# # @TODO troubleshoot radicle installation issue or change installation method for radicle to script
# - name: radicle-keyring
# uri: "https://radicle.dev/apt/radicle-archive-keyring.deb"
# sigkey: ~
# sources: ~
# types: ~
# suites: ~
# comps: ~
# - name: radicle
# uri: ~
# sigkey: "https://radicle.dev/apt/radicle-archive-keyring.deb"
# sources: "https://radicle.dev/apt"
# types: deb
# suites: release
# comps: main
# - name: syncthing
# uri: ~
# sigkey: ~
# sources: ~
# types: ~
# suites: ~
# comps: ~
# @TODO make sure to create handler inclusion of tasks in file under/at `tasks/contingent/pkg` for below
- name: ufw
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: avahi-utils
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: libpam-google-authenticator
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: libpam-u2f
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: pamu2fcfg
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
- name: pcscd
uri: ~
sigkey: ~
sources: ~
types: ~
suites: ~
comps: ~
userspace:
- name: podman
uri: ~
@@ -313,8 +332,8 @@ pkgs:
script:
# <list[<dict>]> representing user-level or supplemental shell script installations
userspace:
- name: nodejs
src: "https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh"
- name: radicle
src: "https://radicle.dev/install"
pre: ~
post: ~
- name: rustup
@@ -334,20 +353,21 @@ pkgs:
# <list[<dict>]> representing user-level or supplemental source archives
userspace:
- name: surge
# @NOTE https://github.com/SurgeDM/Surge
src: "https://github.com/SurgeDM/Surge/releases/download/v0.8.6/Surge_0.8.6_linux_amd64.tar.gz"
deploy: ~
pre: ~
post: ~
- name: nvm
src: "https://nodejs.org/dist/v24.16.0/node-v24.16.0-linux-x64.tar.xz"
deploy: ~
pre: ~
post: ~
# <dict[<str>:<dict>]> representing package groups installed from source git repositories
git_repos:
userspace:
- name: quartz
src: "https://github.com/jackyzha0/quartz.git"
src_path: "{{ ansible_facts['user_dir'] }}/repos/"
remote: origin
branch: main
branch: v5.0.0
deploy: ~
pre: ~
post: ~
core_pkgs: "{{ (pkgs.mngr.core | default([])) + (pkgs.script.core | default([])) + (pkgs.archive.core | default([])) + (pkgs.git_repos.core | default([])) + (pkgs.containers.core | default([])) + (pkgs.snaps.core | default([])) + (pkgs.flatpaks.core | default([])) }}"
post: ~


@@ -102,5 +102,4 @@ pkgs:
# <list[<dict>]> representing system-level or essential flatpaks
core: []
# <list[<dict>]> representing user-level or supplemental flatpaks
userspace: []
core_pkgs: [] # @TODO document this
userspace: []


@@ -5,8 +5,8 @@
vars:
harden: true
local_facts:
user_dir: ~
user_id: ~
user_id: ~ # REQUIRED
user_dir: ~ # REQUIRED
tasks:
- name: Hardening SSH server
ansible.builtin.include_role:
@@ -17,12 +17,15 @@
# defaults_from: main # not required. File to load from a role's C(defaults/) directory.
# allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters.
# handlers_from: main # not required. File to load from a role's C(handlers/) directory.
- name: Installing requisite packages
ansible.builtin.include_role:
name: init-server
tasks_from: core@install-pkgs
handlers_from: core
# - name: Reboot machine for shell environment change
# ansible.builtin.reboot:
# msg: Rebooting machine
- name: Initializing groups and users
ansible.builtin.include_role:
name: init-server # required. The name of the role to be executed.
# apply: # not required. Accepts a hash of task keywords (e.g. C(tags), C(become)) that will be applied to all tasks within the included role.
tasks_from: ssh-users # not required. File to load from a role's C(tasks/) directory.
vars_from: main # not required. File to load from a role's C(vars/) directory.
defaults_from: main # not required. File to load from a role's C(defaults/) directory.
# allow_duplicates: True # not required. Overrides the role's metadata setting to allow using a role more than once with the same parameters.
# handlers_from: main # not required. File to load from a role's C(handlers/) directory.
name: init-server
tasks_from: ssh-users
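Review bot: `user_id` and `user_dir` under `local_facts` are now marked `# REQUIRED` but still default to null, and nothing visible in this hunk stops the play when they are left unset. A first task using `ansible.builtin.assert` with `that: [local_facts.user_id is not none, local_facts.user_dir is not none]` and a `fail_msg` would fail before any path is built from them. The play's header lies outside the hunk, so a guard may already exist elsewhere.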


@@ -4,4 +4,5 @@ PubkeyAuthentication yes
KbdInteractiveAuthentication no # enable if implementing TOTP 2FA
UsePAM yes
PrintMotd yes
AllowAgentForwarding yes
Banner /etc/banner


@@ -0,0 +1,5 @@
set runtimepath^=~/.vim runtimepath+=~/.vim/after
let &packpath = &runtimepath
source ~/.vimrc


@@ -0,0 +1,11 @@
# SPDX-License-Identifier: MIT-0
---
# handlers file for roles/init-vps
- name: Setting up Radicle
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/radicle.yml
listen: radicle
- name: Setting up ViM
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/vim.yml
listen: vim


@@ -1,7 +0,0 @@
# SPDX-License-Identifier: MIT-0
---
# handlers file for roles/init-vps
- name: Setting up Quartz
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/quartz.yml
listen: quartz


@@ -0,0 +1,43 @@
# SPDX-License-Identifier: MIT-0
---
# handlers file for roles/init-vps
- name: Settng up NeoViM
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/neovim.yml
listen: neovim
- name: Settng up Difftastic
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/difftastic.yml
listen: difftastic
- name: Settng up Git
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/git.yml
listen: git
- name: Setting up NodeJS
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/nvm.yml
listen: nvm
- name: Setting up Rust
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/rustup.yml
listen: rustup
- name: Setting up Julia
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/julia.yml
listen: julia
- name: Setting up UV
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/uv.yml
listen: uv
- name: Setting up Radicle
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/radicle.yml
listen: radicle
- name: Setting up Surge
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/surge.yml
listen: surge
- name: Setting up Quartz
ansible.builtin.include_tasks:
file: tasks/contingent/pkg/quartz.yml
listen: quartz
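Review bot: The first three handler names read `Settng up …` (NeoViM, Difftastic, Git) while the rest use `Setting up …`; these names are what appears in run output, so fix the spelling so that a search for `Setting up` finds all of them. This file and the other new handlers file in this compare both define a handler listening on `radicle`; a comment on which play is expected to load which file would make the overlap clearly intentional.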


@@ -0,0 +1,26 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/downloads/archives/released/difftastic/{{ item }}"
dest: "{{ ansible_user_home.stdout }}/.local/bin/{{ item }}"
state: hard
loop:
- difft
- name: Linking binaries to directories already in PATH environment variable
become: true
ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/downloads/archives/released/difftastic/{{ item }}"
dest: "/usr/local/bin/{{ item }}"
state: link
loop:
- difft
- name: Configuring usage of Difftastic as default git difference tool for user
community.general.git_config:
name: diff.tool
scope: global
value: difftastic
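Review bot: The third task, run with `become: true`, makes `/usr/local/bin/difft` a symlink into `{{ ansible_user_home.stdout }}/downloads/…`, a directory the login user can write, so whatever that account (or anything running as it) places there is what root and every other user execute when they call `difft`. Install a root-owned copy instead, as sketched below. The same link-into-home pattern is used in the Julia, NVM, Radicle, Rust, Surge and uv task files in this compare. Also note that `diff.tool` is set to `difftastic` here at global scope while the git task file sets a different value at system scope.

```yaml
# … unchanged: home lookup and the ~/.local/bin hard link …
- name: Installing Difftastic binary system-wide
  become: true
  ansible.builtin.copy:
    src: "{{ ansible_user_home.stdout }}/downloads/archives/released/difftastic/{{ item }}"
    dest: "/usr/local/bin/{{ item }}"
    remote_src: true
    owner: root
    group: root
    mode: "0755"
  loop:
    - difft
# … unchanged: git diff.tool configuration …
```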


@@ -0,0 +1,118 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
- name: Configuring system-level git settings
become: true
block:
- name: Making commit feedback more verbose
community.general.git_config:
name: commit.verbose
scope: system
value: "true"
state: present
- name: Setting default merge conflict approach algorithm
community.general.git_config:
name: merge.conflictstyle
scope: system
value: zdiff3
state: present
- name: Setting default merging tool for conflicts
community.general.git_config:
name: merge.tool
scope: system
value: nvimdiff
state: present
- name: Ensuring backups prior to merge solution implementation
community.general.git_config:
name: merge.keebbackup
scope: system
value: "true"
state: present
- name: Configuring rebase to autosquash
community.general.git_config:
name: rebase.autosquash
scope: system
value: "true"
state: present
- name: Enforcng error message for missing entries in local commit history
community.general.git_config:
name: rebase.missingCommitsCheck
scope: system
value: error
state: present
- name: Setting the default branch's default name on repository initialization
community.general.git_config:
name: init.defaultBranch
scope: system
value: main
state: present
- name: Setting default pager for, or called by, git
community.general.git_config:
name: core.pager
scope: system
value: delta
state: present
- name: Ensuring git push/pull space handling compatibility with non-Linux operating systems
community.general.git_config:
name: core.autocrlf
scope: system
value: "false"
state: present
- name: Setting default text editor for, or called by, git
community.general.git_config:
name: core.editor
scope: system
value: nvim
state: present
- name: Setting difference filtering tool to delta
community.general.git_config:
name: interactive.diffFilter
scope: system
value: delta
state: present
- name: Setting default difference- finding or presenting approach algorithm
community.general.git_config:
name: diff.algorithm
scope: system
value: histogram
state: present
- name: Setting difference tool for, or called by, git
community.general.git_config:
name: diff.tool
scope: system
value: nvimdiffs
state: present
- name: Setting the default amount of context for git to show around a difference
community.general.git_config:
name: diff.context
scope: system
value: "10"
state: present
- name: Ensuring data integrity and validity is checked prior to fetch or transfer actions
community.general.git_config:
name: "{{ item }}.fsckobjects"
scope: system
value: "true"
state: present
loop:
- transfer
- fetch
- name: Ensuring data integrity and validity is checked prior to reception of data
community.general.git_config:
name: receive.fsckObjects
scope: system
value: "true"
state: present
- name: Setting git TUI to have color
community.general.git_config:
name: color.ui
scope: system
value: "true"
state: present
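Review bot: Two of the values written here look like typos that git will store without complaint: the key `merge.keebbackup` (the setting that controls `.orig` backups is `mergetool.keepBackup`) and the `diff.tool` value `nvimdiffs` (git's built-in tool name is `nvimdiff`). Suggested lines: `name: mergetool.keepBackup` and `value: nvimdiff`. The two `Acquiring …` tasks at the top are never used in this file and can be dropped. The `fsckObjects` settings are a good hardening default; `transfer.fsckObjects` already covers fetch and receive when those are unset, so the loop entry for `fetch` and the separate `receive` task are redundant but harmless.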


@@ -0,0 +1,32 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Executing shell-scripted installation process for Julia
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.shell:
cmd: "{{ ansible_user_home.stdout }}/.local/bin/julia-install.sh --yes"
creates: "{{ ansible_user_home.stdout }}/.juliaup/bin"
- name: Linking binaries to directories already in PATH environment variable
become: true
ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.juliaup/bin/{{ item }}"
dest: "/usr/local/bin/{{ item }}"
owner: root
group: root
state: link
loop:
- julia
- julialauncher
- juliaup
- name: Reboot machine for shell environment change
ansible.builtin.reboot:
msg: Rebooting machine
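Review bot: The closing `ansible.builtin.reboot` task has no `become: true`, unlike the privileged tasks above it, so it is likely to fail for a non-root `remote_user` unless the play sets `become` globally. A reboot is also a heavy way to pick up new binaries: the links are placed in `/usr/local/bin`, which the task name itself describes as already in `PATH`, so no environment reload is needed. The same trailing reboot appears in the NVM, Radicle, Rust and uv task files, so one provisioning run can restart the server several times; if a restart is really wanted, notify a single reboot handler instead. `ansible.builtin.meta: reset_connection` is the lighter option when only the login session needs refreshing.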


@@ -0,0 +1,36 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
- name: Copy system ViM configuration to home directory
become: true
ansible.builtin.copy:
remote_src: /root/.vimrc
dest: "{{ ansible_user_home.stdout }}/.vimrc"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "644"
state: present
- name: Creating directory tree for NeoViM configuration files
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.config/nvim"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
- name: Configuring NeoViM
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.copy:
src: user/config/nvim/init.vim
dest: "{{ ansible_user_home.stdout }}/.config/nvim/init.vim"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "644"
state: present
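Review bot: Three things in this file will stop it from running as written. `Acquiring current user` does not `register: current_user`, yet `Configuring NeoViM` uses `current_user.stdout` for `become_user`; `remote_src` in the first copy task is given a path although it is a boolean, so that task has no `src`; and `state: present` is not a parameter of `ansible.builtin.copy`. Suggested: add `register: current_user`, replace the path line with `src: /root/.vimrc` plus `remote_src: true`, and delete both `state: present` lines. Copying root's `.vimrc` into a user's home also deserves a why-comment, and `mode: "0644"` is the conventional spelling of the mode.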


@@ -0,0 +1,95 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Find all NVM pre-built binary (sub)directories
ansible.builtin.find:
paths: "{{ ansible_user_home.stdout }}/downloads/archives/released/nvm"
patterns: "^node-v[0-9]*\\."
file_type: directory
use_regex: true
register: prebuilt_nodes
- name: Bootstrapping NVM
become: true
block:
- name: Grabbing only path information for pre-built binary (sub)directories
ansible.builtin.set_fact:
prebuilt_nodepaths: "{{ prebuilt_nodes.files | map(attribute='path') }}"
- name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file:
src: "{{ item[0] }}/bin/{{ item[1] }}"
dest: "/usr/local/bin/{{ item[1] }}"
owner: root
group: root
state: link
loop: "{{ prebuilt_nodepaths | product(['node']) }}"
- name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file:
src: "{{ item[0] }}/lib/node_modules/corepack/dist/{{ item[1] }}.js"
dest: "/usr/local/bin/{{ item[1] }}"
owner: root
group: root
state: link
loop: "{{ prebuilt_nodepaths | product(['corepack']) }}"
- name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file:
src: "{{ item[0] }}/lib/node_modules/npm/bin/{{ item[1] }}-cli.js"
dest: "/usr/local/bin/{{ item[1] }}"
owner: root
group: root
state: link
loop: "{{ prebuilt_nodepaths | product(['npm','npx']) }}"
- name: Link includes to directories already recognized by system
ansible.builtin.file:
src: "{{ item[0] }}/include/{{ item[1] }}"
dest: "/usr/local/include/{{ item[1] }}"
owner: root
group: root
state: link
loop: "{{ prebuilt_nodepaths | product(['node']) }}"
- name: Link requisite libraries to directories already recognized by system
ansible.builtin.file:
src: "{{ item[0] }}/lib/{{ item[1] }}"
dest: "/usr/local/lib/{{ item[1] }}"
owner: root
group: root
state: link
loop: "{{ prebuilt_nodepaths | product(['node_modules']) }}"
- name: Create man1 subdirectory for man pages
ansible.builtin.file:
path: /usr/local/share/man/man1
recurse: true
owner: root
group: root
mode: "644"
state: directory
- name: Link shared resources to directories already recognized by system
ansible.builtin.file:
src: "{{ item[0] }}/share/man/man1/{{ item[1] }}.1"
dest: "/usr/local/share/man/man1/{{ item[1] }}.1"
owner: root
group: root
state: link
loop: "{{ prebuilt_nodepaths | product(['node']) }}"
- name: Create man1 subdirectory for man pages
ansible.builtin.file:
path: /usr/local/share/doc
recurse: true
owner: root
group: root
mode: "644"
state: directory
- name: Link shared resources to directories already recognized by system
ansible.builtin.file:
src: "{{ item[0] }}/share/doc/{{ item[1] }}"
dest: "/usr/local/share/doc/{{ item[1] }}"
owner: root
group: root
state: link
loop: "{{ prebuilt_nodepaths | product(['node']) }}"
- name: Reboot machine for shell environment change
ansible.builtin.reboot:
msg: Rebooting machine
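Review bot: Both directory tasks in the `Bootstrapping NVM` block set `/usr/local/share/man/man1` and `/usr/local/share/doc` to `mode: "644"` with `recurse: true`, which removes the search bit from the directory and re-modes everything already beneath it, so non-root users can no longer read man pages or docs stored there. Use `mode: "0755"` and drop `recurse: true`; the Radicle task file contains the same `man1` task. The second of these tasks is still named `Create man1 subdirectory for man pages` although it creates the `doc` directory. When more than one `node-v*` directory is found, every loop writes the same `/usr/local/bin` destinations, so which version ends up linked depends on find order.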


@@ -1,26 +1,26 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Installing NodeJS dependencies of quartz software
community.general.npm:
executable: "{{ ansible_facts['user_dir'] }}/.nvm/versions/node/v24.11.1/lib/node_modules/npm"
path: "{{ ansible_facts['user_dir'] }}/repos/.foreign/quartz"
path: "{{ ansible_user_home.stdout }}/repos/.foreign/quartz"
state: latest
- name: Configuring quartz software
block:
- name: Initializing quartz website
ansible.builtin.command:
chdir: "{{ ansible_facts['user_dir'] }}/repos/.foreign/quartz"
chdir: "{{ ansible_user_home.stdout }}/repos/.foreign/quartz"
cmd: npx quartz create
register: stdout
changed_when: stdout.rc == 0
- name: Installing quartz plugins referenced in website template
ansible.builtin.command:
chdir: "{{ ansible_facts['user_dir'] }}/repos/.foreign/quartz"
chdir: "{{ ansible_user_home.stdout }}/repos/.foreign/quartz"
cmd: npx quartz plugin install --from-config
register: stdout
changed_when: stdout.rc == 0
# - name: Starting quartz site web server
# ansible.builtin.command:
# chdir: "{{ ansible_facts['user_dir'] }}/repos/.foreign/quartz"
# chdir: "{{ ansible_user_home.stdout }}/repos/.foreign/quartz"
# cmd: npx quartz build --serve
# register: stdout
# changed_when: stdout
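Review bot: `community.general.npm` with `state: latest` upgrades every dependency to the newest published version on each run, so pinning the repository to `v5.0.0` in the variables file does not pin what gets installed or executed by the `npx` steps that follow. If the checkout ships a `package-lock.json`, `ci: true` in place of `state: latest` installs exactly the locked versions. Separately, `changed_when: stdout.rc == 0` marks both commands as changed on every successful run; a `creates:` guard on a file they produce would make them idempotent.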


@@ -0,0 +1,51 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Executing shell-scripted installation process for Radicle
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.shell:
cmd: "{{ ansible_user_home.stdout }}/.local/bin/radicle-install.sh"
creates: "{{ ansible_user_home.stdout }}/.radicle"
- name: Bootstrapping Radicle
become: true
block:
- name: Linking binaries to directories already in PATH environment variable
ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.radicle/bin/{{ item }}"
dest: "/usr/local/bin/{{ item }}"
state: link
loop:
- rad
- radicle-node
- git-remote-rad
- name: Create man1 subdirectory for man pages
ansible.builtin.file:
path: /usr/local/share/man/man1
recurse: true
owner: root
group: root
mode: "644"
state: directory
- name: Link manpages to Linux manpage directories
ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.radicle/man/man1/{{ item }}.1"
dest: "/usr/local/share/man/man1/{{ item }}.1"
state: link
loop:
- rad
- radicle-node
- git-remote-rad
- rad-id
- rad-patch
- name: Reboot machine for shell environment change
ansible.builtin.reboot:
msg: Rebooting machine
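Review bot: The two lookup tasks at the top template `ansible_user` straight into a shell command (`echo ~{{ ansible_user }}`), report `changed` on every run, and are skipped on non-Linux hosts, which leaves `ansible_user_home.stdout` undefined for every later task. `ansible.builtin.getent` with `database: passwd` and `key: "{{ ansible_user }}"` returns the same information without a shell, after which the home directory is `getent_passwd[ansible_user][4]`. `current_user.stdout` is only ever `ansible_user` echoed back, so `become_user: "{{ ansible_user }}"` is equivalent. This preamble is repeated in every task file of this compare, so a single shared lookup included once would be easier to keep correct.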


@@ -0,0 +1,28 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Executing shell-scripted installation process for Rust
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.shell:
cmd: "{{ ansible_user_home.stdout }}/.local/bin/rustup-install.sh -yq"
creates: "{{ ansible_user_home.stdout }}/.cargo/bin"
- name: Linking binaries to directories already in PATH environment variable
become: true
ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.cargo/bin/{{ item }}"
dest: "/usr/local/bin/{{ item }}"
state: link
loop:
- rustup
- name: Reboot machine for shell environment change
ansible.builtin.reboot:
msg: Rebooting machine


@@ -0,0 +1,26 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Linking binaries to directories already in PATH environment variable
become: true
ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/downloads/archives/released/surge/{{ item }}"
dest: "/usr/local/bin/{{ item }}"
state: link
loop:
- surge
- name: Installing accompanying complementary Surge system service
ansible.builtin.command:
cmd: surge service install
- name: Acquiring API token for remote Surge service control
ansible.builtin.command:
cmd: surge token
register: surge_token
- name: Presenting Surge API token to Control Node
ansible.builtin.debug:
msg: "Make sure to store the following API token for Surge:\n {{ surge_token.stdout }}"
- name: Pausing to ensure completion of manual act
ansible.builtin.pause:
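Review bot: The API token returned by `surge token` is registered and then printed through `ansible.builtin.debug`, so it ends up in the play output and in any log or callback that records task results. Add `no_log: true` to the `Acquiring API token for remote Surge service control` task. Hand the value over through a file with restrictive permissions instead of the console, for example a delegated `ansible.builtin.copy` with `content: "{{ surge_token.stdout }}"` and `mode: "0600"`. The two `ansible.builtin.command` tasks also have no `creates` or `changed_when`, so they re-run and report changed on every play.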


@@ -0,0 +1,29 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Executing a shell-scripted installation process
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.shell:
cmd: "{{ ansible_user_home.stdout }}/.local/bin/uv-install.sh"
creates: "{{ ansible_user_home.stdout }}/.local/bin/uv"
- name: Linking binaries to directories already in PATH environment variable
become: true
ansible.builtin.file:
src: "{{ ansible_user_home.stdout }}/.local/bin/{{ item }}"
dest: "/usr/local/bin/{{ item }}"
state: link
loop:
- uv
- uvx
- name: Reboot machine for shell environment change
ansible.builtin.reboot:
msg: Rebooting machine
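Review bot: `Acquiring current user` and `Acquiring home of current user` pass `{{ ansible_user }}` unquoted through `ansible.builtin.shell`, handing an inventory value to a shell for expansion only to read it back. `become_user: "{{ ansible_user }}"` gives the same result without a shell, and the home directory can be read with `ansible.builtin.getent` (`database: passwd`, `key: "{{ ansible_user }}"`) instead of `echo ~…`. If the shell tasks stay, add `changed_when: false`. Note also that on a non-Linux host the `when` skips them, which leaves `current_user.stdout` undefined for the tasks that follow. The same tasks are repeated at the top of the Rust, ViM and both package task files on this page.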


@@ -0,0 +1,71 @@
---
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Preparing to create a directory structure for ViM paths
become: true
become_user: "{{ current_user.stdout }}"
block:
- name: Creating directory structure for ViM paths
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.vim/{{ item }}"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
loop:
- autoload
- backup
- colors
- plugged
- name: Pulling and integrating ViM plugin manager
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.uri:
url: "https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim"
dest: "{{ ansible_user_home.stdout }}/.vim/autoload/"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
force: true
mode: "644"
follow_redirects: safe
- name: Configuring ViM
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.template:
src: vimrc.j2
dest: "{{ ansible_user_home.stdout }}/.vimrc"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
force: true
backup: true
vars:
vim_spatialize: true
vim_tabgap: 2
vim_blockedcursor: true
vim_historyspan: 500
vim_origami: true
vim_eddelimiters: true
vim_gitspice: true
vim_statusline: true
vim_fancycomment: true
vim_idelangs: true
vim_pathcompletion: true
vimignore:
- "*.docx"
- "*.jpg"
- "*.png"
- "*.gif"
- "*.pdf"
- "*.pyc"
- "*.exe"
- "*.flv"
- "*.img"
- "*.xlsx"
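Review bot: `Pulling and integrating ViM plugin manager` downloads `plug.vim` from the moving `master` branch with `force: true` and no integrity check. Each run therefore installs whatever that URL currently serves into the user's autoload directory. Pin the URL to a reviewed commit and verify the content, for example with `ansible.builtin.get_url` and `checksum: "sha256:<PINNED_SHA256>"` (placeholder digest), so that a changed upstream file fails the play instead of being installed silently. The `Plug` entries in the `vimrc.j2` template shown later on this page appear to be unpinned as well.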


@@ -0,0 +1,163 @@
#SPDX-License-Identifier: MIT-0
---
# tasks file for roles/init-vps
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Creating prerequisite directory tree for installation scripts
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.local/bin"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
- name: Creating prerequisite directory tree for unarchived archives
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/downloads/archives/released"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
- name: Creating prerequisite directory tree for package installation executables
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.local_pkgs"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
- name: Installing Linux software
when: ansible_facts["system"] == "Linux"
block:
- name: Installing software using Debian package manager
when: ansible_facts["os_family"] == "Debian"
become: true
block:
- name: Updating package cache
ansible.builtin.apt:
update_cache: true
- name: Registering a package source
when: item.sources != None
ansible.builtin.deb822_repository:
name: "{{ item.name }}"
uris: "{{ item.sources }}"
types: "{{ item.types | default('deb') }}"
suites: "{{ item.suites | default('*') }}"
components: "{{ item.comps | default('*') }}"
signed_by: "{{ item.sigkey }}"
state: present
loop: "{{ ((pkgs.mngr.core | default([]))) }}"
- name: Installing a local package in managed node
when: item.uri != None
ansible.builtin.apt:
deb: "{{ item.uri }}"
state: present
# @TODO add a default value for notify
# notify: "{{ item.name }}"
loop: "{{ (pkgs.mngr.core | default([])) | selectattr('uri', 'search', '\\.deb$') }}"
- name: Updating package cache
ansible.builtin.apt:
update_cache: true
- name: Installing a package
when: item.name != None and item.uri == None
ansible.builtin.package:
name: "{{ item.name }}"
state: latest
# @TODO add a default value for notify
# notify: "{{ item.name }}"
loop: "{{ ((pkgs.mngr.core | default([]))) | rejectattr('uri', 'search', '\\.deb$') }}"
tags:
- get_mngr_pkgs
- name: Installing software by executing installation shell scripts
block:
- name: Acquiring installation shell script
become: true
become_user: "{{ current_user.stdout }}"
when: item.src != None and (((pkgs.script.core | default([]))) | length) > 0
ansible.builtin.uri:
url: "{{ item.src }}"
dest: "{{ ansible_user_home.stdout }}/.local/bin/{{ item.name }}-install.sh"
follow_redirects: safe
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
force: true
mode: "744"
# @TODO add a default value for notify
notify: "{{ ((pkgs.script.core | default([])))[idx].name }}"
loop: "{{ (pkgs.script.core | default([])) }}"
loop_control:
index_var: idx
register: install_scripts
tags:
- get_script_pkgs
- name: Installing software by building it from source archives
block:
- name: Acquiring software source archive
become: true
become_user: "{{ current_user.stdout }}"
when: item.src != None
ansible.builtin.get_url:
url: "{{ item.src }}"
dest: "{{ ansible_user_home.stdout }}/downloads/archives/"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
force: true
backup: true
mode: "644"
loop: "{{ (pkgs.archive.core | default([])) }}"
register: archived_builds
- name: Create subdirectories for unarchiving
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/downloads/archives/released/{{ ((pkgs.archive.core | default([])))[idx].name }}"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "755"
state: directory
loop: "{{ archived_builds.results }}"
loop_control:
index_var: idx
- name: Unarchiving software build archive
when: item.dest != None and (((pkgs.script.core | default([]))) | length) > 0
ansible.builtin.unarchive:
src: "{{ item.dest }}"
remote_src: true
dest: "{{ ansible_user_home.stdout }}/downloads/archives/released/{{ ((pkgs.archive.core | default([])))[idx].name }}/"
# @TODO add a default value for notify
notify: "{{ ((pkgs.archive.core | default([])))[idx].name }}"
loop: "{{ archived_builds.results }}"
loop_control:
index_var: idx
tags:
- get_archive_pkgs
- name: Installing software from source git repositories
block:
- name: Clone git bare repository
become: true
become_user: "{{ current_user.stdout }}"
when: item.src != None
ansible.builtin.git:
repo: "{{ item.src }}"
dest: "{{ ansible_user_home.stdout }}/repos/.foreign/{{ item.name }}"
version: "{{ item.branch }}"
clone: true
single_branch: true
# @TODO add a default value for notify
notify: "{{ item.name }}"
loop: "{{ (pkgs.git_repos.core | default([])) }}"
register: installation_repos
tags:
- get_git_pkgs
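Review bot: `Acquiring installation shell script` saves whatever `item.src` returns as an executable (`mode: "744"`, `force: true`) without any integrity check. The handler files on this page then run those scripts (`rustup-install.sh`, `uv-install.sh`, `radicle-install.sh`). The removed version of this task used `get_url`, which can verify a download. Going back to `ansible.builtin.get_url` with `checksum: "{{ item.checksum }}"` (a new per-package field holding `sha256:<digest>`) would fail the play when a script changes upstream. `Acquiring software source archive` already uses `get_url` and can take the same option; the userspace task file has the same two tasks.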


@@ -1,11 +1,17 @@
#SPDX-License-Identifier: MIT-0
---
# tasks file for roles/init-vps
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Checking whether administrative login used
when: ansible_user not in (admins | map(attribute="username") | list) and ansible_user != "root"
ansible.builtin.fail:
msg: Must use administrative user for subsequent tasks
- name: Hardening SSH service
become: true
ansible.builtin.copy:
src: sshd_config.d/harden.conf
dest: /etc/ssh/sshd_config.d/harden.conf


@@ -1,117 +0,0 @@
#SPDX-License-Identifier: MIT-0
---
# tasks file for roles/init-vps
- name: Creating prerequisite directory tree for installation scripts
ansible.builtin.file:
path: "{{ ansible_facts['user_dir'] }}/.local/bin"
recurse: true
state: directory
- name: Creating prerequisite directory tree for unarchived archives
ansible.builtin.file:
path: "{{ ansible_facts['user_dir'] }}/downloads/archives/released"
recurse: true
state: directory
- name: Creating prerequisite directory tree for package installation executables
ansible.builtin.file:
path: "{{ ansible_facts['user_dir'] }}/.local_pkgs"
recurse: true
state: directory
- name: Installing Linux software
when: ansible_facts["system"] == "Linux"
block:
- name: Installing software using Debian package manager
when: ansible_facts["os_family"] == "Debian"
become: true
block:
- name: Registering a package source
when: item.sources != None
ansible.builtin.deb822_repository:
name: "{{ item.name }}"
uris: "{{ item.sources }}"
types: "{{ item.types | default('deb') }}"
suites: "{{ item.suites | default('*') }}"
components: "{{ item.comps | default('*') }}"
signed_by: "{{ item.sigkey }}"
state: present
loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) }}"
- name: Installing a local package in managed node
when: item.uri != None
ansible.builtin.apt:
deb: "{{ item.uri }}"
update_cache: true
state: present
notify: "{{ item.name }}"
loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) | selectattr('uri', 'search', '\\.deb$') }}"
- name: Installing a package
when: item.name != None and item.uri == None
ansible.builtin.package:
name: "{{ item.name }}"
update_cache: true
state: latest
# notify: "{{ item.name }}" # @TODO create corresponding roles/init-vps handlers
loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) | rejectattr('uri', 'search', '\\.deb$') }}"
tags:
- get_mngr_pkgs
- name: Installing software by executing installation shell scripts
block:
- name: Acquiring installation shell script
when: item.src != None
ansible.builtin.get_url:
url: "{{ item.src }}"
dest: "{{ ansible_facts['user_dir'] }}/.local/bin/{{ item.name }}-install.sh"
force: true
backup: true
mode: "744"
loop: "{{ (pkgs.script.core | default([])) + (pkgs.script.userspace | default([])) }}"
register: install_scripts
- name: Executing a shell-scripted installation process
when: item.src != None and (((pkgs.script.core | default([])) + (pkgs.script.userspace | default([]))) | length) > 0
become: true
ansible.builtin.shell:
cmd: "{{ item.dest }}"
notify: "{{ ((pkgs.script.core | default([])) + (pkgs.script.userspace | default([])))[idx].name }}"
loop: "{{ install_scripts.results }}"
loop_control:
index_var: idx
tags:
- get_script_pkgs
# @TODO complete below block task
- name: Installing software by building it from source archives
block:
- name: Acquiring software source archive
when: item.src != None
ansible.builtin.get_url:
url: "{{ item.src }}"
dest: "{{ ansible_facts['user_dir'] }}/downloads/archives/"
force: true
backup: true
mode: "644"
loop: "{{ (pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])) }}"
register: archived_builds
- name: Unarchiving software build archive
when: item.dest != None and (((pkgs.script.core | default([])) + (pkgs.script.userspace | default([]))) | length) > 0
ansible.builtin.unarchive:
src: "{{ item.dest }}"
remote_src: true
dest: "{{ ansible_facts['user_dir'] }}/downloads/archives/released/{{ ((pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])))[idx].name }}/"
notify: "{{ ((pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])))[idx].name }}"
loop: "{{ archived_builds.results }}"
loop_control:
index_var: idx
tags:
- get_archive_pkgs
- name: Installing software from source git repositories
block:
- name: Clone git bare repository
when: item.src != None
ansible.builtin.git:
repo: "{{ item.src }}"
dest: "{{ ansible_facts['user_dir'] }}/repos/.foreign/{{ item.name }}"
version: "{{ item.branch }}"
clone: true
single_branch: true
notify: "{{ item.name }}"
loop: "{{ (pkgs.git_repos.core | default([])) + (pkgs.git_repos.userspace | default([])) }}"
register: installation_repos
tags:
- get_git_pkgs


@@ -2,6 +2,11 @@
---
# tasks file for roles/init-vps
# @TODO complete below tasks
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Checking whether administrative login used
when: ansible_user not in (admins | map(attribute="username") | list)
ansible.builtin.fail:
@@ -46,8 +51,6 @@
when: ansible_facts["system"] == "Linux"
become: true
ansible.builtin.blockinfile:
# src: sshd_config.d/sftp.conf.j2
# dest: /etc/ssh/sshd_config.d/sftp.conf
path: /etc/ssh/sshd_config.d/sftp.conf
block: |
Match Group {{ item.name }}


@@ -6,7 +6,7 @@
delegate_facts: true
delegate_to: localhost
ansible.builtin.find:
paths: "{{ local_facts['user_dir'] }}/.ssh" # @TODO define 'cnode_homedir' in playbook
paths: "{{ local_facts['user_dir'] | default(lookup('env', 'HOME')) }}/.ssh" # @TODO define 'cnode_homedir' in playbook
patterns: "{{ ['^'] | product(ssh_keys) | map('join') | list }}"
file_type: file
use_regex: true


@@ -0,0 +1,176 @@
#SPDX-License-Identifier: MIT-0
---
# tasks file for roles/init-vps
- name: Acquiring home of current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo ~{{ ansible_user }}"
register: ansible_user_home
- name: Acquiring current user
when: ansible_facts["system"] == "Linux"
ansible.builtin.shell:
cmd: "echo {{ ansible_user }}"
register: current_user
- name: Creating prerequisite directory tree for installation scripts
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.local/bin"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
- name: Creating prerequisite directory tree for unarchived archives
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/downloads/archives/released"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
- name: Creating prerequisite directory tree for package installation executables
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/.local_pkgs"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
- name: Creating prerequisite directory tree for git repos
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/repos/.foreign"
recurse: true
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
state: directory
- name: Installing Linux software
when: ansible_facts["system"] == "Linux"
block:
- name: Installing software using Debian package manager
when: ansible_facts["os_family"] == "Debian"
become: true
block:
- name: Updating package cache
ansible.builtin.apt:
update_cache: true
- name: Registering a package source
when: item.sources != None
ansible.builtin.deb822_repository:
name: "{{ item.name }}"
uris: "{{ item.sources }}"
types: "{{ item.types | default('deb') }}"
suites: "{{ item.suites | default('*') }}"
components: "{{ item.comps | default('*') }}"
signed_by: "{{ item.sigkey }}"
state: present
loop: "{{ (pkgs.mngr.userspace | default([])) }}"
- name: Installing a local package in managed node
when: item.uri != None
ansible.builtin.apt:
deb: "{{ item.uri }}"
state: present
# @TODO add a default value for notify
# notify: "{{ item.name }}"
loop: "{{ (pkgs.mngr.userspace | default([])) | selectattr('uri', 'search', '\\.deb$') }}"
- name: Updating package cache
ansible.builtin.apt:
update_cache: true
- name: Installing a package
when: item.name != None and item.uri == None
ansible.builtin.package:
name: "{{ item.name }}"
state: latest
# @TODO add a default value for notify
# notify: "{{ item.name }}" # @TODO create corresponding roles/init-vps handlers
loop: "{{ (pkgs.mngr.userspace | default([])) | rejectattr('uri', 'search', '\\.deb$') }}"
tags:
- get_mngr_pkgs
- name: Installing software by executing installation shell scripts
become: true
become_user: "{{ current_user.stdout }}"
block:
- name: Acquiring installation shell script
when: item.src != None and ((pkgs.script.userspace | default([])) | length) > 0
ansible.builtin.uri:
url: "{{ item.src }}"
dest: "{{ ansible_user_home.stdout }}/.local/bin/{{ item.name }}-install.sh"
follow_redirects: safe
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
force: true
mode: "744"
# @TODO add a default value for notify
notify: "{{ (pkgs.script.userspace | default([]))[idx].name }}"
loop: "{{ (pkgs.script.userspace | default([])) }}"
loop_control:
index_var: idx
register: install_scripts
tags:
- get_script_pkgs
- name: Installing software by building it from source archives
block:
- name: Acquiring software source archive
become: true
become_user: "{{ current_user.stdout }}"
when: item.src != None
ansible.builtin.get_url:
url: "{{ item.src }}"
dest: "{{ ansible_user_home.stdout }}/downloads/archives/"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
force: true
backup: true
mode: "644"
loop: "{{ (pkgs.archive.userspace | default([])) }}"
register: archived_builds
- name: Create subdirectories for unarchiving
ansible.builtin.file:
path: "{{ ansible_user_home.stdout }}/downloads/archives/released/{{ (pkgs.archive.userspace | default([]))[idx].name }}"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "755"
state: directory
loop: "{{ archived_builds.results }}"
loop_control:
index_var: idx
- name: Unarchiving software build archive
become: true
become_user: "{{ current_user.stdout }}"
when: item.dest != None and ((pkgs.script.userspace | default([])) | length) > 0
ansible.builtin.unarchive:
src: "{{ item.dest }}"
remote_src: true
dest: "{{ ansible_user_home.stdout }}/downloads/archives/released/{{ (pkgs.archive.userspace | default([]))[idx].name }}/"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
# @TODO add a default value for notify
notify: "{{ (pkgs.archive.userspace | default([]))[idx].name }}"
loop: "{{ archived_builds.results }}"
loop_control:
index_var: idx
tags:
- get_archive_pkgs
- name: Installing software from source git repositories
block:
- name: Clone git bare repository
when: item.src != None
become: true
become_user: "{{ current_user.stdout }}"
ansible.builtin.git:
repo: "{{ item.src }}"
dest: "{{ ansible_user_home.stdout }}/repos/.foreign/{{ item.name }}"
version: "{{ item.branch }}"
clone: true
single_branch: true
loop: "{{ (pkgs.git_repos.userspace | default([])) }}"
register: installation_repos
# - name: Changing ownership of specific repo subdirectory
# become: true
# become_user: "{{ current_user.stdout }}"
# ansible.builtin.file:
# path: "{{ ansible_user_home.stdout }}/repos/.foreign/{{ item.name }}"
# recurse: true
# owner: "{{ ansible_user }}"
# group: "{{ ansible_user }}"
# notify: "{{ item.name }}"
# loop: "{{ (pkgs.git_repos.userspace | default([])) }}"
tags:
- get_git_pkgs
# @TODO add a reboot either here or in any of the handlers potentially notified from here in
# order to update environment (unless found better solution)
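Review bot: `Unarchiving software build archive` is gated on `(pkgs.script.userspace | default([])) | length > 0`, which tests the script list rather than the archive list. On a host that defines archive packages but no script packages, the archives are downloaded and never unpacked. The condition presumably should read `when: item.dest != None and ((pkgs.archive.userspace | default([])) | length) > 0`. Because the loop already runs over `archived_builds.results`, the length test could also simply be dropped. The core task file carries the same condition with `pkgs.script.core`.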


@@ -0,0 +1,112 @@
" Disable compatibility with vi which can cause unexpected issues.
set nocompatible
" Enable type file detection. Vim will be able to try to detect the type of file in use.
filetype on
" Enable plugins and load plugin for the detected file type.
filetype plugin on
" Load an indent file for the detected file type.
filetype indent on
" Turn syntax highlighting on.
syntax on
" Add numbers to each line on the left-hand side.
set number
" Jump to line by relative number
set relativenumber
{% if (vim_blockedcursor | default(True)) %}
" Highlight cursor line underneath the cursor horizontally.
set cursorline
" Highlight cursor line underneath the cursor vertically.
set cursorcolumn
{% endif %}
{% if (vim_spatialize | default(True)) %}
" Use space characters instead of tabs.
set expandtab
" Set tab width to 4 columns.
set tabstop={{ vim_tabgap | default(2) }}
{% endif %}
" While searching though a file incrementally highlight matching characters as you type.
set incsearch
" Show the mode you are on the last line.
set showmode
" Show matching words during a search.
set showmatch
" Use highlighting when doing a search.
set hlsearch
" Set the commands to save in history default number is 20.
set history={{ vim_historyspan | default(20) }}
{% if (vim_pathcompletion | default(True)) %}
" Enable auto completion menu after pressing TAB.
set wildmenu
" Make wildmenu behave like similar to Bash completion.
set wildmode=list:longest
{% if vimignore is defined or vimignore != None %}
" There are certain files that we would never want to edit with Vim.
" Wildmenu will ignore files with these extensions.
set wildignore={{ vimignore | join(',') }}
{% endif %}
{% endif %}
" PLUGINS ----------------------------------------------------------------
" Plugin code goes here.
call plug#begin('~/.vim/plugged')
Plug 'flazz/vim-colorschemes'
{% if (vim_eddelimiters | default(True)) %}
Plug 'tpope/vim-surround'
{% endif %}
{% if (vim_gitspice | default(True)) %}
Plug 'airblade/vim-gitgutter'
Plug 'tpope/vim-fugitive'
{% endif %}
{% if (vim_statusline | default(True)) %}
Plug 'vim-airline/vim-airline'
{% endif %}
{% if (vim_fancycomment | default(True)) %}
Plug 'scrooloose/nerdcommenter'
{% endif %}
{% if (vim_idelangs | default(True)) %}
Plug 'dense-analysis/ale'
{% endif %}
call plug#end()
" MAPPINGS ---------------------------------------------------------------
" Mappings code goes here.
" VIMSCRIPT --------------------------------------------------------------
{% if (vim_origami | default(True)) %}
" This will enable code folding.
" Use the marker method of folding.
augroup filetype_vim
autocmd!
autocmd FileType vim setlocal foldmethod=marker
augroup END
{% endif %}
" More Vimscripts code goes here.
" STATUS LINE ------------------------------------------------------------
" Status bar code goes here.